Principle:Microsoft Playwright Validate API Responses
| Knowledge Sources | |
|---|---|
| Domains | API_Testing, HTTP, Assertions |
| Last Updated | 2026-02-11 00:00 GMT |
Overview
Validating HTTP response status codes, headers, and body content is the fundamental assertion mechanism for verifying that an API behaves correctly under test conditions.
Description
After sending an HTTP request, the test must inspect the response to determine whether the API behaved as expected. Response validation covers three primary dimensions:
Status Code Validation
The HTTP status code is the first and most fundamental check. Common assertions include:
- Success codes (2xx): Verifying that a request succeeded with
200 OK,201 Created, or204 No Content. - Client error codes (4xx): Verifying that invalid requests are properly rejected with
400 Bad Request,401 Unauthorized,403 Forbidden, or404 Not Found. - Server error codes (5xx): Detecting unexpected server failures.
- Convenience check: Many frameworks provide an
ok()method that returnstrueif the status is in the 200-299 range.
Header Validation
Response headers carry metadata about the response:
- Content-Type: Verifying the response format (e.g.,
application/json). - Cache-Control: Confirming caching directives are set correctly.
- Set-Cookie: Validating authentication tokens or session cookies.
- Custom headers: Checking application-specific headers such as rate limit information or request identifiers.
Body Validation
The response body contains the actual data returned by the API:
- JSON parsing: Deserializing JSON responses into objects for structural validation.
- Text content: Reading the body as a string for pattern matching or comparison.
- Binary content: Accessing raw bytes for file download or binary protocol testing.
- Schema validation: Verifying that the response structure matches an expected JSON schema.
- Field-level assertions: Checking specific fields, nested objects, array lengths, and data types.
Usage
Apply this principle whenever:
- You need to verify that an API returns the correct status code for a given request.
- You are checking that response headers contain expected values.
- You need to parse and inspect JSON response bodies.
- You are testing error responses to ensure proper error messages and codes.
- You want to validate the complete contract between client and server.
Theoretical Basis
Response validation follows the Assert phase of the Arrange-Act-Assert pattern:
// Execute a request (Act)
response = httpClient.get("/api/users/42")
// Validate status code
assert(response.status() == 200)
assert(response.ok() == true)
// Validate headers
assert(response.headers()["content-type"] contains "application/json")
// Validate JSON body
body = response.json()
assert(body.id == 42)
assert(body.name == "Alice")
assert(body.email is a valid email format)
// Validate error responses
errorResponse = httpClient.get("/api/users/99999")
assert(errorResponse.status() == 404)
errorBody = errorResponse.json()
assert(errorBody.error == "User not found")
Response validation can be categorized by strictness:
- Loose validation: Only checking that the status is OK and the body is non-empty. Suitable for smoke tests.
- Structural validation: Checking that the response has the expected shape (correct keys, correct types) without asserting specific values. Suitable for contract tests.
- Strict validation: Checking exact values, array lengths, and field contents. Suitable for functional tests.
The response object should provide lazy evaluation for body parsing: the body bytes are fetched only when explicitly requested (via json(), text(), or body()), avoiding unnecessary deserialization overhead when only status or headers are needed.